Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

"Suspicious file": Could not update to Drupal 7.22 on cPanel CentOS server.

Discussion in 'Security' started by SandPond, Apr 9, 2013.

  1. SandPond

    SandPond Registered

    Joined:
    Apr 9, 2013
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Could not update to Drupal 7.22 on cPanel CentOS server. Received a fatal error whitescreen relating to not finding panels/minipanels scripts. When I turned off all modules related to panels/minipanels, and retried the update, I recived as list of messages reporting missing modules: ctools,rules,wysiwyg, etc.

    Going through server logs I found the following in /var/log/lfd.log:

    Apr 8 19:26:22 vps lfd[4904]: *Suspicious File* /tmp/update-extraction-8cae2b26/rules/rules.api.php [myuser:myuser (501:501)] - Script, file extension
    Apr 8 19:26:23 vps lfd[4904]: *Suspicious File* /tmp/update-extraction-8cae2b26/ctools/ctools.api.php [myuser:myuser (501:501)] - Script, file extension
    Apr 8 19:26:23 vps lfd[4904]: *Suspicious File* /tmp/update-extraction-8cae2b26/ctools/page_manager/page_manager.api.php [myuser:myuser (501:501)] - Script, file extension
    Apr 8 19:26:23 vps lfd[4904]: *Suspicious File* /tmp/update-extraction-8cae2b26/ctools/page_manager/theme/page-manager-edit-page.tpl.php [myuser:myuser (501:501)] - Script, file extension
    Apr 8 19:26:23 vps lfd[4904]: *Suspicious File* /tmp/update-extraction-8cae2b26/ctools/stylizer/plugins/export_ui/stylizer_ui.class.php [myuser:myuser (501:501)] - Script, file extension
    Apr 8 19:26:23 vps lfd[4904]: *Suspicious File* /tmp/update-extraction-8cae2b26/ctools/tests/ctools.drush.sh [myuser:myuser (501:501)] - Script, file extension
    Apr 8 19:26:23 vps lfd[4904]: *Suspicious File* /tmp/update-extraction-8cae2b26/ctools/tests/plugins/cached/ctoolsCachedPluginArray2.class.php [myuser:myuser (501:501)] - Script, file extension
    Apr 8 19:26:23 vps lfd[4904]: *Suspicious File* /tmp/update-extraction-8cae2b26/ctools/tests/plugins/cached/ctoolsCachedPluginArray.class.php [myuser:myuser (501:501)] - Script, file extension
    Apr 8 19:26:23 vps lfd[4904]: *Suspicious File* /tmp/update-extraction-8cae2b26/ctools/tests/plugins/not_cached/ctoolsNotCachedPluginArray2.class.php [myuser:myuser (501:501)] - Script, file extension
    Apr 8 19:26:24 vps lfd[4904]: *Suspicious File* /tmp/update-extraction-8cae2b26/ctools/tests/plugins/not_cached/ctoolsNotCachedPluginArray.class.php [myuser:myuser (501:501)] - Script, file extension
    Apr 8 19:26:24 vps lfd[4904]: Too many hits for *LF_DIRWATCH* - Directory Watching disabled
    Apr 8 19:29:23 vps lfd[5132]: *User Processing* PID:5126 Kill:0 User:myuser VM:291(MB) EXE:/usr/bin/php CMD:/usr/bin/php /home/myuser/public_html/drupal/index.php
    Apr 8 19:26:24 vps lfd[4904]: Too many hits for *LF_DIRWATCH* - Directory Watching disabled

    QUESTION 1: Why is the Drupal update process (or update gunzip decompression process) generating "Suspecious Files" warnings and leaving directories of files in /tmp instead of in the Drupal installation directory where they were destined ???
    QUESTION 2: Is this a security concern, a Drupal 7.22 update problem, or merely a cPanel CFS (security) configuration issue ???
    QUESTION 3: What should be done ??? I am guessing that others may also encounter this issue.
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,309
    Likes Received:
    393
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Drupal nor CSF are cPanel products, you might want to look into this at Drupal support. Were you attempting to install this from command line I take it?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice